diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index bf4aa6e..c881b72 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13277,6 +13277,17 @@
       },
       "uuid": "43236d8e-27ee-40f1-ad15-a2ad23738a76",
       "value": "N4ughtysecTU"
+    },
+    {
+      "description": "Moshen Dragon is a Chinese-aligned cyberespionage threat actor operating in Central Asia. They have been observed deploying multiple malware triads and utilizing DLL search order hijacking to sideload ShadowPad and PlugX variants. The threat actor also employs various tools, including an LSA notification package and a passive backdoor known as GUNTERS. Their activities involve targeting the telecommunication sector and leveraging Impacket for lateral movement and data exfiltration.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/"
+        ]
+      },
+      "uuid": "41243ff2-e4f1-4605-9259-ab494c1c8c04",
+      "value": "Moshen Dragon"
     }
   ],
   "version": 294